Upgrade port audit now!
Simon L. B. Nielsen
simon at FreeBSD.org
Sun Mar 11 21:40:31 UTC 2012
Hey,
If you have portaudit installed, you should upgrade sooner rather than later!
Begin forwarded message:
> From: "Simon L. Nielsen" <simon at FreeBSD.org>
> Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh
> Date: 11 March 2012 21:32:58 GMT
> To: ports-committers at FreeBSD.org, cvs-ports at FreeBSD.org, cvs-all at FreeBSD.org
>
> simon 2012-03-11 21:32:58 UTC
>
> FreeBSD ports repository
>
> Modified files:
> ports-mgmt/portaudit Makefile pkg-plist
> ports-mgmt/portaudit/files portaudit-cmd.sh
> Log:
> Portaudit 0.6.0:
>
> Fix remote code execution which can occur with a specially crafted
> audit file. The attacker would need to get the portaudit(1) to
> download the bad audit database, e.g. by performing a man in the
> middle attack.
>
> Add signature verification of the portaudit database. The public key
> is for the database generated for portaudit.FreeBSD.org is included
> in the distribution.
>
> Submitted by: Michael Gmelin <freebsd at grem.de>
> Reported by: Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
> Security: Remote code execution
> Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
> Feature safe: yes
> With hat: so
--
Simon L. B. Nielsen
FreeBSD Deputy Security Officer
More information about the freebsd-ports
mailing list